Technologies

What Our Customers Are Saying

Reverse Polarity, LLC has been a valued member of our technology team since 2000. The advice they give is sound, and well thought out. The response time is lightning fast, especially when it is of a critical nature. The solutions provided are innovative, and exactly what we need. Our network is extremely solid and runs on open-source solutions that integrate seamlessly. Their knowledge of information and network security is top notch. I would not hesitate to recommend them to anyone. Regardless of whether you need help with a firewall, a server, backup device or a network overhaul you will not find a better partner in technology than Reverse Polarity, LLC!

Preparing The Hard Drives:

Encrypting The Drives

Once each of the drives has been completely overwritten with random data, it is time to create the encrypted container that will hold our Bacula backup data. I say container rather than partition because I prefer to use the entire drive since creating one or more partitions is not required, and would serve us no purpose.

Generate a key file to unlock the encrypted containers

We are going to be using a randomly generated key file to open and unlock our encrypted containers. This key file will be created using random data taken from /dev/urandom.

Keep this key file in a safe place (or multiple places), accessible only by you. Encrypt a copy of it with GPG and store it on a thumb drive if you like, but what ever you do, don't lose it. If you lose this key file, you will not be able to access the data on your drives. You have been warned.

Create the encrypted container on each drive

We will use a "less-than-secure", simple, temporary passphrase that will be only used for three things:

Create the encrypted LUKS container on each drive

Store itself to Key Slot 0 of the LUKS container

Add the secure 4096 Byte key file to Key Slot 1 of the LUKS container

Once the 4096 Byte key file has been added to key slot 1 of the LUKS container, it is immediately used to remove the temporary passphrase from key slot 0 of the LUKS container. The 4096Byte key file will then be the only way to unlock the encrypted container on the hard drive to access the data or to add/remove other keys.

Perform these next three steps with each new drive, be sure to check the dmesg output after plugging in each new drive to verify that you are operating on the correct device and substitute it for /dev/sde in the example below: